OSPF External LSA Forward Address

• By Joe Astorino
• June 1, 2011
• 5 Comments

Yesterday over on groupstudy Carlos Mendioroz posted a very interesting “OSPF Quiz”. The puzzle intrigued me to the point where I had to go ahead and lab it up myself. The basic idea for the topology is depicted in the below diagram. By the way, my good buddy Marko Milivojevic posted in the same thread and I shamelessly stole his basic lab setup for my own tests. Thanks Marko : )

Introduction

We have three routers here, R2, R4 and R5 and they all run OSPF on all the interfaces in area 0.  Both R2 and R4 have a static route to 200.200.200.200/32 with a next-hop of 192.168.24.254.  This next-hop does not really exist, but that doesn’t matter.  The point of having the static route is just for redistribution.  Both R2 and R4 redistribute static into OSPF.  They will both use a type E1 OSPF external route, but R2 advertises the route in with a metric of 20 while R4 advertises it in with a metric of 50.  All the serial links have a bandwidth of 1544k so all the OSPF costs there are equal.  Since I am not fortunate enough to have FastEthernet on my R4, I had to simulate FastEthernet in OSPF by changing the OSPF cost of E0/0 to 1 instead of 10.

With all that being said, the puzzle is — On R5 what route or routes will I see for 200.200.200.200/32?  At first glance, I took the bait and said what most people would — “R5 will have a single OSPF E1 route to 200.200.200.200 via R2 because R2 redistributes the route with a lower metric.”  Wrong.  Why?  Read on!

Initial Configurations

R2#sh run | s ospf
router ospf 1
 log-adjacency-changes
 redistribute static metric 20 metric-type 1 subnets
 network 192.168.24.2 0.0.0.0 area 0
 network 192.168.25.2 0.0.0.0 area 0
R2#
R2#sh run | i ip route
ip route 200.200.200.200 255.255.255.255 192.168.24.254

R4#sh run | s ospf
 ip ospf cost 1
 ip ospf priority 255
router ospf 1
 log-adjacency-changes
 redistribute static metric 50 metric-type 1 subnets
 network 192.168.24.4 0.0.0.0 area 0
 network 192.168.45.4 0.0.0.0 area 0
 neighbor 192.168.45.5
R4#
R4#sh run | i ip route
ip route 200.200.200.200 255.255.255.255 192.168.24.254

R5#sh run | s ospf
router ospf 1
 log-adjacency-changes
 network 192.168.25.5 0.0.0.0 area 0
 network 192.168.45.5 0.0.0.0 area 0

OK, let’s see what’s going on over on R5

R5#sh ip route ospf
     200.200.200.0/32 is subnetted, 1 subnets
O E1    200.200.200.200 [110/85] via 192.168.45.4, 00:06:52, Serial2/0
                        [110/85] via 192.168.25.2, 00:06:52, Serial2/1
O    192.168.24.0/24 [110/65] via 192.168.45.4, 00:34:53, Serial2/0
                     [110/65] via 192.168.25.2, 00:34:53, Serial2/1

Well, that is somewhat interesting/entertaining/disturbing depending on which way you look at it! We have equal cost load-balancing going on. R5 learned the route with an equal cost of 85 from both R2 and R4. But how could that be? We redistributed the route from R2 with a lower metric of 20 as opposed to a metric of 50 from R4. Let’s take a look at the OSPF LSDB for this entry

R5#sh ip ospf database external

            OSPF Router with ID (192.168.45.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 603
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 200.200.200.200 (External Network Number )
  Advertising Router: 192.168.25.2
  LS Seq Number: 80000001
  Checksum: 0xE315
  Length: 36
  Network Mask: /32
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 20
        Forward Address: 192.168.24.254
        External Route Tag: 0

  LS age: 574
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 200.200.200.200 (External Network Number )
  Advertising Router: 192.168.45.4
  LS Seq Number: 80000001
  Checksum: 0x784C
  Length: 36
  Network Mask: /32
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 50
        Forward Address: 192.168.24.254
        External Route Tag: 0

OK, so we see both external LSA’s, and they even have the correct metrics of 20 and 50. So, what gives? The answer lies with the forward address field in the LSA. The forward address is basically the next-hop for the route. Notice how it is 192.168.24.254 in both LSA entries. That is the next-hop of our static route on R2 and R4! Normally, when you redistribute a route into OSPF, the ASBR will set this forward address field to 0.0.0.0 meaning the forward address is the ASBR itself. However, there are very specific situations where this can be changed. See these two great articles from Cisco for more information or rfc2328

Common routing problem with OSPF forwarding address
The effects of the forwarding address on type 5 LSA path selection

There are five conditions that ALL must be satisfied to get a non-zero forward address.  They are listed below

• OSPF is enabled on the ASBR’s next hop interface AND
• ASBR’s next hop interface is non-passive under OSPF AND
• ASBR’s next hop interface is not point-to-point AND
• ASBR’s next hop interface is not point-to-multipoint AND
• ASBR’s next hop interface address falls under the network range specified in the router ospf command.

What do you know, we meet all five requirements in our little example : ) So what exactly is happening?  Because we are running OSPF on the LAN side interfaces of both R2 and R4, both routers set the forward address to 192.168.24.254 instead of 0.0.0.0 when they do the redistribution into OSPF.  R2 does this with a metric of 20 while R4 does this with a metric of 50.  R5 will receive both LSA’s and will prefer the LSA with a metric of 20.

HOWEVER, since the forward address is a non-zero value what happens is R5 looks to see what metric it has to get to the actual forward address itself.  So essentially, R5 does a “show ip route 192.168.24.254” and sees the following

R5#sh ip route 192.168.24.254
Routing entry for 192.168.24.0/24
  Known via "ospf 1", distance 110, metric 65, type intra area
  Last update from 192.168.45.4 on Serial2/0, 00:51:30 ago
  Routing Descriptor Blocks:
    192.168.45.4, from 192.168.45.4, 00:51:30 ago, via Serial2/0
      Route metric is 65, traffic share count is 1
  * 192.168.25.2, from 192.168.45.4, 00:51:30 ago, via Serial2/1
      Route metric is 65, traffic share count is 1

There are equal cost paths to the forward address in this case. Since we have equal cost paths to the forward address, we get equal cost load balancing to the 200.200.200.200 route. Now, how do we get a cost of 85? Simple — The best metric was 20, redistributed in from R2. We take that 20 and add it to the cost to reach the forward address, in this case 65. 65+20 = 85.

Summary

When an OSPF ASBR redistributes routes, it will typically set the next-hop or “forward address” to itself, 0.0.0.0.  However, under specific circumstances this behavior will be altered and the ASBR will set the forward address to the next-hop router of the route it is redistributing.  When a router looks at an LSA containing a 0.0.0.0 forward address, it will look at what the cost is to get to the ASBR that redistributed the route.  When a router looks at an LSA containing a non-zero forward address, it will look at what the cost is to get to the actual forward address in the LSA.  If there are multiple equal cost paths to the forward address, you will see equal cost load balancing

Note, there is much more fun with the forward address field when you get into OSPF NSSA situations.  Hopefully, I will have time to dig into that with everybody soon as well.  Also, if you read those Cisco documents you will see what the actual purpose of that feature is in the first place.  Essentially, it is for more efficient routing in certain situations. There are also some fun/evil things you can accomplish with this feature that we will look into in my next blog on OSPF Ninja Filtering